4th International ICST Conference on Security and Privacy in Communication Networks

Research Article

Location privacy based on trusted computing and secure logging

  • @INPROCEEDINGS{10.1145/1460877.1460898,
        author={Urs Hengartner},
        title={Location privacy based on trusted computing and secure logging},
        proceedings={4th International ICST Conference on Security and Privacy in Communication Networks},
        publisher={ACM},
        proceedings_a={SECURECOMM},
        year={2008},
        month={9},
        keywords={Location-based Services, Timing Attacks, Trusted Platform Module},
        doi={10.1145/1460877.1460898}
    }
Urs Hengartner (1, *)
  • 1: Cheriton School of Computer Science, University of Waterloo, Waterloo ON, N2L 3G1, Canada
  • *: Contact email: uhengart@cs.uwaterloo.ca

Abstract

Many operators of cellphone networks now offer location-based services to their customers, whereby an operator often outsources service provisioning to a third-party provider. Since a person's location could reveal sensitive information about the person, the operator must ensure that the service provider processes location information about the operator's customers in a privacy-preserving way. So far, this assurance has been based on a legal contract between the operator and the provider. However, there has been no technical mechanism that lets the operator verify whether the provider adheres to the privacy policy outlined in the contract. We propose an architecture for location-based services based on Trusted Computing and Secure Logging that provides such a technical mechanism. Trusted Computing lets an operator query the configuration of a location-based service. The operator will hand over location information to the service only if the service is configured such that the service provider cannot get access to location information using software-based attacks. This includes passive attacks, where the provider monitors information flowing into and out of its service, and active attacks, where the provider modifies or injects customer queries to the service. We introduce several requirements that must be satisfied by a location-based service to defend against passive attacks. Furthermore, we present Secure Logging, an auditing mechanism to defend against active attacks.